openjpeg2: CVE-2016-9118

Related Vulnerabilities: CVE-2016-9118  

Debian Bug report logs - #844557
openjpeg2: CVE-2016-9118

version graph

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 16 Nov 2016 20:33:05 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version openjpeg2/2.1.2-1

Fixed in versions openjpeg2/2.1.2-1.2, openjpeg2/2.2.0-1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/uclouvain/openjpeg/issues/861

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#844557; Package src:openjpeg2. (Wed, 16 Nov 2016 20:33:07 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Wed, 16 Nov 2016 20:33:07 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openjpeg2: CVE-2016-9118
Date: Wed, 16 Nov 2016 21:30:31 +0100
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/861

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9118[0]:
| Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of
| convert.c:1719 in OpenJPEG 2.1.2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9118
[1] https://github.com/uclouvain/openjpeg/issues/861

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 03 Aug 2017 17:48:43 GMT) (full text, mbox, link).


Marked as fixed in versions openjpeg2/2.1.2-1.2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 12 Aug 2017 04:09:06 GMT) (full text, mbox, link).


Marked Bug as done Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 12 Aug 2017 04:09:06 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 12 Aug 2017 04:09:07 GMT) (full text, mbox, link).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#844557. (Sat, 12 Aug 2017 04:09:12 GMT) (full text, mbox, link).


Message #16 received at 844557-submitter@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: control@bugs.debian.org
Cc: 844557-submitter@bugs.debian.org
Subject: closing 844557
Date: Sat, 12 Aug 2017 06:06:43 +0200
close 844557 2.1.2-1.2
thanks

Moritz fixed this in the 2.1.2-1.2 NMU.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 15 Sep 2017 07:28:25 GMT) (full text, mbox, link).


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 23 Sep 2017 11:48:04 GMT) (full text, mbox, link).


Marked as fixed in versions openjpeg2/2.2.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 23 Sep 2017 11:48:04 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 18 Nov 2017 07:29:03 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:33:49 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.